lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 21 Aug 2014 17:33:39 -0700 (PDT)
From:	David Miller <>
Subject: Re: [patch net-next 1/3] net: propagate sock pointer through
 netfilter hooks

From: Jiri Pirko <>
Date: Fri, 15 Aug 2014 20:32:54 +0200

> When output function (ip6_finish_output2 for example) needs to be called
> with sock pointer, we need to push sock pointer through the netfilter
> hooks. This patch does that.
> Signed-off-by: Jiri Pirko <>

Ok, I'm going to admit that I am having second thoughts about this
approach.  This is a quite large set of churn to fix this bug.

However, in the same breath, I can't come up with a simpler way to
propagate this information without the really unacceptable overhead of
adding another sk_buff member.

And even if we found some simple way to deal with that sk_mc_loop()
test, ipv6 has other demons in this area.

For example, look at what ip6_fragment() does, it also assumes skb->sk
is an inet6 socket.

	struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
	if (np && np->frag_size < mtu) {
		if (np->frag_size)
			mtu = np->frag_size;

The rest of the skb->sk usage in these place is fine, as they are
simply propagating socket ownership from one packet to another, rather
than doing protocol specific things with them.
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists